Message-ID: <20110201152723.3b36d8c1@orphan>
Date: Tue, 1 Feb 2011 15:27:23 +0100
From: Tomas Hoger <thoger@...hat.com>
To: OSS Security <oss-security@...ts.openwall.com>
Subject: CVE request: glibc CVE-2010-3847 fix regression

Hi!

It seems this does not have any CVE assigned yet...

The original patch for CVE-2010-3847, as used by multiple vendors,
introduced a bug in the way $ORIGIN is (not-)expanded when used in ELF
R*PATH.  This could allow a local user to escalate privileges via a
privileged program using a library with $ORIGIN in R*PATH (such as
certain glibc iconv modules).

There are at least Debian and Ubuntu advisories addressing this issue:
http://lists.debian.org/debian-security-announce/2011/msg00005.html
https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-January/001226.html

Note that privileged programs that themselves have $ORIGIN in R*PATH
could have been abused before and are not addressed in the above
advisories.  It's unclear if any distro provides any privileged program
with such R*PATH though.

-- 
Tomas Hoger / Red Hat Security Response Team
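
An added example, not part of the original message: one way to check a system for the case raised in the last paragraph, setuid/setgid programs that themselves carry $ORIGIN in DT_RPATH or DT_RUNPATH. It assumes binutils `readelf` is installed; the function names, default directories and sample output are constructed for illustration.

```python
import os, re, stat, subprocess, sys

# DT_RPATH / DT_RUNPATH lines as printed by `readelf -d` (binutils, C locale).
DYN_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")
# The dynamic loader accepts both the $ORIGIN and ${ORIGIN} spellings.
ORIGIN_RE = re.compile(r"\$(?:ORIGIN\b|\{ORIGIN\})")

# Constructed sample of `readelf -d` output, not taken from a real binary.
SAMPLE = """\
Dynamic section at offset 0x2d80 contains 28 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [$ORIGIN/../lib:/usr/lib]
 0x000000000000001d (RUNPATH)            Library runpath: [/opt/app/lib:${ORIGIN}/plugins]
"""

def origin_paths(readelf_output):
    """Return [(tag, component)] for each R*PATH component that uses $ORIGIN."""
    hits = []
    for tag, value in DYN_RE.findall(readelf_output):
        hits += [(tag, c) for c in value.split(":") if ORIGIN_RE.search(c)]
    return hits

def is_privileged(path):
    """True for a regular file with the setuid or setgid bit set."""
    try:
        mode = os.lstat(path).st_mode
    except OSError:
        return False
    return stat.S_ISREG(mode) and bool(mode & (stat.S_ISUID | stat.S_ISGID))

def audit(roots):
    """Yield (path, tag, component) for privileged files with $ORIGIN in R*PATH."""
    env = dict(os.environ, LC_ALL="C")  # keep readelf output unlocalized
    for root in roots:
        for dirpath, _dirs, names in os.walk(root):
            for path in (os.path.join(dirpath, n) for n in names):
                if not is_privileged(path):
                    continue
                out = subprocess.run(["readelf", "-d", path], env=env, text=True,
                                     capture_output=True, errors="replace").stdout
                yield from ((path, tag, c) for tag, c in origin_paths(out))

if __name__ == "__main__":
    # Default directories are an assumption; pass your own roots as arguments.
    for hit in audit(sys.argv[1:] or ["/bin", "/sbin", "/usr/bin", "/usr/sbin"]):
        print(*hit)
```

`origin_paths` works on the dynamic section of any ELF file, so the same parser can be pointed at shared libraries such as the iconv modules mentioned in the message.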
